wordpress blog stats
Connect with us

Hi, what are you looking for?

Database with personal information of over 275 million Indians hijacked: Report


An unprotected database with personal information of more than 275 million Indians has been hijacked by hackers, who may have stolen all or some of the data, reports Bob Diachenko, a security consultant and journalist at SecurityDiscovery.com. Diachenko said he found the unsecured and publicly indexed MongoDB database on May 1 and informed India’s Computer Emergency Response Team (CERT) at once.

However, the database was not secured, and on May 8 it was hacked by the Unistellar group, which wiped all the data. Diachenko said the records included people’s names, email, gender, date of birth, mobile phone number, current salary, employment history and current employer, education level and area of specialisation, and professional skills and functional area. He wrote that while the number of records stolen could be fewer that the total number exposed “it is still one of the biggest breaches reported in the region”. He said the database did not indicate who owned it but its structure hinted that it had been collected as part of a massive scraping operation. It was hosted on Amazon Web Services (AWS) infrastructure, and a reverse DNS lookup showed no results.

AmEx India’s database exposed for 5 days last October

Last October, Diachenko found that an unprotected MongoDB database with millions of records that belonged to American Express India had been accessible to anyone for more than five days. The database contained customers’ names, phone numbers, addresses, PAN numbers and Aadhaar IDs. He said that most of the data was encrypted but several collections were not. The largest non-encrypted collection of data had 689,272 records, including customers’ phone numbers, names, email addresses, and the type of card they owned. Another 2.3 million records were encrypted. Diachenko said that many of the entries had fields such as ‘campaignID’, ‘prequalstatus’ and ‘leadID’, which led him to suspect that the database was not managed by AmEx itself but by a subcontractor handling SEO or lead generation. He said AmEx secured the database soon after he informed them about it. The company told him there had been no authorised access and no customer data had been affected.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like


Google has closed its deal to acquire fitness wearables company Fitbit, even as probes by competition regulators in the United States and Australia are...


WhatsApp has reiterated in a blog post on Tuesday that the service is end-to-end encrypted and neither it or Facebook can see messages. It...


Links to private WhatsApp group chats have been indexed on Google search results, the Indian Express reported. The exposure was surfaced by security researcher...


The chipmaker Intel has now launched a facial recognition solution, which the company says will work with smart locks, access control, point-of-sale devices, ATMs...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to Daily Newsletter

    © 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ